Project

General

Profile

Backport #22259

jewel: rgw: swift anonymous access doesn't work in jewel

Added by Marcus Watts over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
Release:
jewel

History

#1 Updated by Marcus Watts over 1 year ago

I have a pull request for the fix: https://github.com/ceph/ceph/pull/19194

#2 Updated by Nathan Cutler over 1 year ago

  • Tracker changed from Tasks to Backport
  • Project changed from Stable releases to rgw
  • Status changed from New to Need Review
  • Assignee set to Marcus Watts

This is a jewel-only bugfix.

#3 Updated by Nathan Cutler over 1 year ago

  • Description updated (diff)

description

In ceph jewel, it is possible to store swift read acls of the form ".r:*", but these do not have the expected effect of allowing "anonymous" access to the bucket contents. In more recent versions of ceph (luminous/master), this works fine. This problem manifests when using keystone and rgw_swift_account_in_url. From the logs, it appears that the tenant from the URL is being ignored.

luminous/master have very different code for this functionality, so this isn't a simple backport. However, the fix appears to be easy: just a few lines in rgw_rest_swift.cc to set the tenant seems to suffice.

#4 Updated by Nathan Cutler over 1 year ago

  • Subject changed from rgw: swift anonymous access doesn't work in jewel to jewel: rgw: swift anonymous access doesn't work in jewel

#5 Updated by Nathan Cutler about 1 year ago

  • Status changed from Need Review to In Progress

#6 Updated by Nathan Cutler about 1 year ago

  • Status changed from In Progress to Resolved
  • Target version set to v10.2.11

Also available in: Atom PDF